devise_google_authenticator 0.3.7 → 0.3.8

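--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,15 @@
  ---
  !binary "U0hBMQ==":
  metadata.gz: !binary |-
- ZjMxZmMyYjM2ZWFkNzg3MGUzODE4ZGY0ODc2M2FjODBkN2M2NWJkMQ==
+ NjBmNWJmYjg3Yzk3NWE4ZmU1Njg1OTYyOTEwODE0MzUxMDU0ODBjMg==
  data.tar.gz: !binary |-
- ZWVmODk0ZThjZDk4ZTA3YjFhNmNjOWJiMDZlYTZiNGIzYTY2YWYwYw==
+ ZDNmNDMwNmQ2ZjgzOTYyNmRlMjY0Y2ZjZGFlNWRiM2QzNmRiOGJhNg==
  SHA512:
  metadata.gz: !binary |-
- YTk2YzQ0OGVkYzZhOTI1NTY3NjFiYmM3ZTRiMWZiOTU4YzNlZTcxYTQzNDBl
- Y2NjMDgyYWVlYzA0ZDNlZjFkMmNmNzA3YjA2YzZiMTViMWQzMzA0MmFmNTQ5
- YmUzOGMxYzYzNjg1NTY4NWFiMjIzZGNhNmZjM2IxMjA5ZWEwMGU=
+ NTdhZGZmZmFhYjEyMzk3NDEwYmU0ODlhNWViMzQ2MTI4YzA4ZjllNmMxYzhk
+ Y2VlMDNmOTM0NTQ5ZmQ5M2Y5OWMyYjFmNzg0MTVjZWM3MTVlOTMyNWVjMDI0
+ NTI0NzUyN2RmYmViMWNlZDQ0OWIzYzNiY2NjNTBjOTdkYjc1NTI=
  data.tar.gz: !binary |-
- YWZhM2YwNmM2MGJmYTAwZWYyZDM5Y2YxYTZlZGE3NjI2M2NiM2ZkMWM5MDg3
- OTk4NjE2MjJhNjhhZDVjNzhjNGJhODk4MTVkZjA0MzAwNDBlODJlZGNjZjli
- ZTY1NDA5ZGYyZGY4MDhjMmRjNjg4OWJkMWZiY2NkMGE3ODYwNzM=
+ ZTk2MTk2ODA1YzJkM2E0ZDY5ZmM1YTNhOGJlZTM0ZDZjYjYzNWY1YzUzNzg4
+ OWI3Y2U4MDMxN2MwNDg3MTJmM2JkNjI4MzdkOTdhMDcxY2I5ZDNmZTVhYjE3
+ MDE4NmNkODBkNTg4MmMyMDkyZjhkNGRmNjQxMzY5OTQxYTlkMWE=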
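--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -13,13 +13,14 @@ This is a devise[https://github.com/plataformatec/devise] extension to allow you
  * Version 0.3.5 - Updated README for Rails apps with existing users. (Thanks Jon Collier)
  * Version 0.3.6 - Slight updates - increased key size, more open gemspec, updated en.yml. (Thanks Michael Guymon)
  * Version 0.3.7 - Support for current Devise (3.2.0) and Rails4 (Thanks https://github.com/ronald05arias) - integration test still broke - need to address this
+ * Version 0.3.8 - Support for remembering the token authentication. (i.e. don't request the token for a configurable amount of time Thanks https://github.com/blahblahblah-) - and seriously, I'm going to try and refactor all the integration tests with Rspec.
 
  == Installation
 
  Add the gem to your Gemfile (don't forget devise too):
 
  * gem 'devise'
- * gem 'devise_google_authenticator', '0.3.7'
+ * gem 'devise_google_authenticator', '0.3.8'
 
  Don't forget to "bundle install"
 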
@@ -22,11 +22,21 @@ class Devise::CheckgaController < Devise::SessionsController
22
22
  set_flash_message(:notice, :signed_in) if is_navigational_format?
23
23
  sign_in(resource_name,resource)
24
24
  respond_with resource, :location => after_sign_in_path_for(resource)
25
+
26
+ if not resource.class.ga_remembertime.nil?
27
+ cookies.signed[:gauth] = {
28
+ :value => resource.email << "," << Time.now.to_i.to_s,
29
+ :secure => !(Rails.env.test? || Rails.env.development?),
30
+ :expires => (resource.class.ga_remembertime + 1.days).from_now
31
+ }
32
+ end
25
33
  else
34
+ set_flash_message(:error, :error)
26
35
  redirect_to :root
27
36
  end
28
37
 
29
38
  else
39
+ set_flash_message(:error, :error)
30
40
  redirect_to :root
31
41
  end
32
42
  end
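Review bot: In the added `cookies.signed[:gauth]` block, `resource.email << "," << Time.now.to_i.to_s` appends with `String#<<`, which modifies its receiver, so the string returned by `resource.email` is most likely left as "email,timestamp" for the rest of the request; build a new string instead, `:value => "#{resource.email},#{Time.now.to_i}",`. This cookie is what later lets a login skip the token prompt, and a signed cookie is readable by the client, so it should also carry `:httponly => true,` to keep it out of reach of page scripts. `:secure` is decided by the Rails environment name rather than by whether the request used SSL, which is worth stating in the README for deployments that use other environment names. The enclosing action begins above this hunk.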
@@ -14,7 +14,7 @@ class Devise::DisplayqrController < DeviseController
14
14
 
15
15
  def update
16
16
  if resource.set_gauth_enabled(resource_params)
17
- set_flash_message :notice, "Status Updated!"
17
+ set_flash_message :notice, :status
18
18
  sign_in scope, resource, :bypass => true
19
19
  redirect_to stored_location_for(scope) || :root
20
20
  else
@@ -9,4 +9,8 @@ en:
9
9
  submit: "Continue..."
10
10
  checkga:
11
11
  user:
12
- signed_in: "Signed in successfully from token."
12
+ signed_in: "Signed in successfully from token."
13
+ error: "Sign in failed"
14
+ displayqr:
15
+ user:
16
+ status: "User status updated!"
@@ -49,6 +49,19 @@ module Devise # :nodoc:
49
49
  end
50
50
  end
51
51
 
52
+ def require_token?(cookie)
53
+ if self.class.ga_remembertime.nil? || cookie.blank?
54
+ return true
55
+ end
56
+ array = cookie.to_s.split ','
57
+ if array.count != 2
58
+ return true
59
+ end
60
+ last_logged_in_email = array[0]
61
+ last_logged_in_time = array[1].to_i
62
+ return last_logged_in_email != self.email || (Time.now.to_i - last_logged_in_time) > self.class.ga_remembertime.to_i
63
+ end
64
+
52
65
  private
53
66
 
54
67
  def assign_auth_secret
@@ -61,7 +74,7 @@ module Devise # :nodoc:
61
74
  def find_by_gauth_tmp(gauth_tmp)
62
75
  find(:first, :conditions => {:gauth_tmp => gauth_tmp})
63
76
  end
64
- ::Devise::Models.config(self, :ga_timeout, :ga_timedrift)
77
+ ::Devise::Models.config(self, :ga_timeout, :ga_timedrift, :ga_remembertime)
65
78
  end
66
79
  end
67
80
  end
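Review bot: `require_token?` (first hunk) accepts any validly signed cookie that names this e-mail and carries a recent timestamp, and nothing in that check is tied to server-side state, so a remembered device cannot be revoked: a lost or shared browser keeps skipping the token prompt until `ga_remembertime` runs out, even after the password is changed or the authenticator secret is re-issued. Consider adding a third cookie field derived from a per-user value that rotates on those events and comparing it here; the cookie writer in the checkga controller would need the matching change. At minimum, state the limit above the method, e.g. `# A remember cookie stays valid until ga_remembertime elapses; it cannot be revoked per device.` The surrounding module starts and ends outside both hunks of this section.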
@@ -11,21 +11,20 @@ module DeviseGoogleAuthenticator::Patches
11
11
 
12
12
  resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
13
13
 
14
- if resource.respond_to?(:get_qr) and resource.gauth_enabled.to_i != 0 #Therefore we can quiz for a QR
14
+ if resource.respond_to?(:get_qr) and resource.gauth_enabled.to_i != 0 and resource.require_token?(cookies.signed[:gauth]) #Therefore we can quiz for a QR
15
15
  tmpid = resource.assign_tmp #assign a temporary key and fetch it
16
16
  warden.logout #log the user out
17
17
 
18
18
  #we head back into the checkga controller with the temporary id
19
19
  respond_with resource, :location => { :controller => 'checkga', :action => 'show', :id => tmpid}
20
20
 
21
- else #It's not using, or not enabled for Google 2FA - carry on, nothing to see here.
21
+ else #It's not using, or not enabled for Google 2FA, OR is remembering token and therefore not asking for the moment - carry on, nothing to see here.
22
22
  set_flash_message(:notice, :signed_in) if is_flashing_format?
23
23
  sign_in(resource_name, resource)
24
24
  respond_with resource, :location => after_sign_in_path_for(resource)
25
25
  end
26
26
 
27
27
  end
28
-
29
28
  end
30
29
  end
31
30
  end
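Review bot: The `else` branch now handles three different situations (no 2FA support, 2FA disabled, and a valid `:gauth` cookie suppressing the prompt) and records nothing about which one applied, so a later investigation cannot tell a login that passed the token check from one that was remembered. Compute the `require_token?` result into a local before the `if` and log when the cookie is what skipped the prompt, for example `Rails.logger.info("gauth: token prompt skipped via remember cookie")`. The trailing comment on the `if` line (`#Therefore we can quiz for a QR`) would also read better as a comment line above the condition now that the condition has three clauses. The method containing this code begins above the hunk.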
@@ -11,6 +11,9 @@ module Devise # :nodoc:
11
11
 
12
12
  mattr_accessor :ga_timedrift
13
13
  @@ga_timedrift = 3
14
+
15
+ mattr_accessor :ga_remembertime
16
+ @@ga_remembertime = 1.month
14
17
  end
15
18
 
16
19
  # a security extension for devise
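Review bot: `@@ga_remembertime = 1.month` switches the remember-device behaviour on by default, so an application that only bumps the gem from 0.3.7 to 0.3.8 stops asking for the token on every login without anyone having chosen that. For a second-factor control the safer default is off, `@@ga_remembertime = nil`, with the generator template and README explaining how to opt in. If the default stays as it is, the README changelog line should say plainly that upgrading changes login behaviour.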
@@ -12,6 +12,9 @@ module DeviseGoogleAuthenticator
12
12
  " # config.ga_timeout = 3.minutes\n\n" +
13
13
  " # Change time drift settings for valid token values. To change the default, uncomment and change the below:\n" +
14
14
  " # config.ga_timedrift = 3\n\n" +
15
+ " # Change setting to how long to remember device before requiring another token. Change to nil to turn feature off.\n" +
16
+ " # To change the default, uncomment and change the below:\n" +
17
+ " # config.ga_remembertime = 1.month\n\n" +
15
18
  "\n", :before => /end[ |\n|]+\Z/
16
19
  end
17
20
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_google_authenticator
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.7
4
+ version: 0.3.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Christian Frichot